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Executive Registry 


MEMORANDUM FOR: 

Executive Secretary, National Telecommunications 
and Information Systems Security Committee, 
National Security Agency 


FROM: 

txecutive Director, CIA 

SUBJECT: Suggested Agenda Topics and Comments on Proposed 

Procedures for the NTISSC and Its Two 
Permanent Subcommittees 

REFERENCE: Chairman, NTISSC Ltr (COMSEC 1-2/160), dtd 5 Oct 1984, 

Subject: NTISSC Representation 


(CS 

^ STAT- 

STAT 


1. This memorandum provides a suggested agenda item and comments on the 
proposed procedures for the National Telecommunications and Information 
Systems Security Committee (NTISSC) and its two permanent subcommittees. The 
Executive Director, CIA, will represent the DCI, including his Intelligence 
Community responsibilities. 

2. We recommend that a comprehensive telecommunications and automated 
information systems security threat briefing be provided to the NTISSC, 
including a summary of the security vulnerabilities in DOD systems which were 
identified in a recently completed survey for the SECDEF. 

3. We reviewed the proposed charter for the NTISSC and its two permanent 
subcommittees and believe that the changes noted in the attachment provide 
clarification and ensure consistency with the NSDD. We particularly note that 
paragraph 7e of the proposed Subcommittee on Automated Information Systems 
Security (SAISS) charter defines guidance to include program and budget 
matters. NSDD/145, however, makes a clear distinction in the program and 
budget responsibilities of the System Security Steering Group, the Executive 
Agent, and the National Manager with respect to automated information systems 
security vice telecommunications security. Automated information security 
program and budget recommendations, for example, are only to be reviewed in 
aggregate. Therefore, we believe that it is inappropriate for the SAISS to 
provide program and budget guidance to the departments and agencies. Our 
concerns can be accommodated by changing the second sentence of paragraph 7e 
of the SAISS charter to read as follows: 
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"Guidance as defined herein refers to a policy, direction, 
decision, instruction or advice which concerns planning or applying 
automated information systems security requirements, standards, 
criteria, and equipments." 

4. I look forward to participating in the first meeting of the NTISSC on 
8 November. 


Attachment: a/s 
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SUBJECT: Suggested Agenda Topics and Comments on Proposed 
Procedures for the NTISSC and Its Two 
Permanent Subcommittees 


Distri bution: 

Oriq - Adse (Return to ICS/IHC) 
1 - EXDIR/CIA 
1 - DCI 
1 - DDCI 
1 - D/ICS 
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Recommended Changes to the NTISSC 
and Its Two Permanent Subcommittees 


Change last sentence of paragraph 7, Section VII, of the NTISSC charter to 
read: “Following receipt by the chair, the reports and recommendations 
shall be forwarded to the full NTISSC for review, formal approval or 
disapproval, and forwarded as appropriate." 

Rationale : Clarification of roles and responsibilities of NTISSC 

Change last two sentences of paragraph 5a of the proposed operating 
procedures of both subcommittees to read: "The chair shall vote in the 
event of a tie. Dissenting views, with supporting rationale, may be 
provided by any representative, brought to the attention of the NTISSC 
Secretariat, and forwarded to the full Committee." 

Rationale: Clarification of voting procedures and handling of dissenting 
views 

Delete the specific identification of the chairman of the subcommittees 
and replace with: "The Chairman of the NTISSC, with the concurrence of a 
majority of the NTISSC voting members, will nominate the chairmen of the 
subcommi ttees. " 

Rationale: To ensure future flexibility in determining chairmen of 
subcommittees. Also, should be accomplished by memorandum from the NTISSC 
Chairman rather than included in the charter. 

Insert the following sentence at the beginning of paragraph 3, Section II, 
of the NTISSC charter: "The Committee shall make recommendations to the 
Steering Group on Committee membership." 

Rationale : Consistency with NSDD/145 

Delete the first nine words of paragraph 1, Section VII, of the NTISSC 
charter and insert the following: "The Committee shall submit annually an 
evaluation of the status of national telecommunications and automated 
information systems security with respect to established objectives and 
priorities. Included in the evaluation will be . . . ." 

Rationale : Consistency with NSDD/145 

Replace paragraph 4, Section VII of the NTISSC charter with corresponding 
language from paragraph 5b(4) of NSDD/145: "The Committee shall identify 
systems which handle sensitive, non- government infomation, the loss and 
exploitation of which could adversely affect the national security 
interest, for the purpose of encouraging, advising and, where appropriate, 
assisting the private sector in applying security measures." 

Rationale: Consistency with NSDD/145 
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0 Insert in second paragraph, first line of STS charter after the word 

matters, "relating to telecommunications security" so that this paragraph 
reads: "Matters relating to telecommunications security under the 
cognizance of the STS and subject to the deliberations and actions of the 
STS include . . . 

Rationale : Consistency with NSDD/145 

0 Change the second sentence, paragraph 7e, of the SAISS charter to read: 
"Guidance as defined herein refers to a policy, direction, decision, 
instruction or advice which concerns planning or applying automated 
information systems security requirements, standards, criteria, and 
equipments. " 

Rationale: Consistency with NSDD/145 
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